The term “phishing” can be traced as far back as 1987. Since then, the risk of falling victim to a phishing attack has risen steadily with the worldwide growth in internet use and the constant pool of personal information available through social media.
Phishing attacks are an email-based form of social engineering. Disguised as legitimate communication, the fraudulent email tricks the recipient into responding by enticing them to click a link, open an attachment, or directly provide sensitive information.
Phishing attacks have become one of the most prevalent methods of cybercrime for two reasons: they are effective, because they can bypass detection methods, and they are low-risk, because there is little chance of capture or retribution. Email is simple to deploy, making it easy to send large quantities of messages in a single attempt. Adding to the ease of deployment is the availability of low-cost phishing kits that include website development software, coding, spamming software, and content that can be used to create convincing websites and emails.
The attacker composes email messages of varying levels of sophistication.
The email will also contain a malicious element necessary to execute the attack and compromise the user.
The combination of content, context and emotional motivators is often what drives the success of a phishing attack. If the phishing attack has the appropriate complexity and the recipient takes the desired action, the attacker gains access to the recipient's personal information or the ability to penetrate the network and access vital information.
For any organization, a comprehensive security platform that addresses people, technology and process minimizes the likelihood of a successful phishing attack. In the case of people, security awareness training educates recipients on what to look for in a phishing email and on reporting suspicious emails to their security teams. When it comes to technology, sandboxing analyzes the unknown link or file and enforces policy to prevent access if it is determined to be malicious; URL filtering blocks known malicious websites and unknown websites to prevent attacks early on; and access to a threat intelligence cloud provides the combined knowledge of the global community, enabling protections if a similar attack has been seen before. To address process, there should be a hierarchy of actions to take should a phishing attack successfully penetrate the network.